A major burden for many legal entities is the requirement to maintain documents and data and make these available for compliance auditing purposes.
For example, Securities and Exchange Commission (“SEC”) Rules 17a-3 and 17a-4 (and subsequent clarifying releases) specify that the majority of fixed content information generated by broker-dealers must be retained as the official record resulting from business transactions and events. Taken in combination, these rules specify either time-based or event-based retention periods, depending on the type of record stored, as well as acceptable means and procedures associated with storing this data. Time-based retention periods are fixed in length and start at the time the record is created/stored. Event-based retention periods are variable in length with an initial period running continuously from the time the record is created/stored until a specific event occurs, then retained for an additional (typically fixed) period of time after the event.
The SEC rules require: “that electronic records are capable of being accurately reproduced for later reference by maintaining the records in unalterable form.” In other words, records and documents must be preserved exclusively in a non-rewriteable, non-erasable format. The rules further clarifies that certain implementations of rewriteable and erasable media, such as magnetic disk or magnetic tape, would meet the requirements of a non-erasable, non-rewriteable recording environment provided they deliver i) the prescribed functionality, and ii) that functionality is delivered via appropriate integrated control codes for the designated retention schedule associated with the stored record. Moreover, “A broker-dealer would not violate the requirement in paragraph (f)(2)(ii)(A) of rule 17a-4 if it used an electronic storage system that prevents the overwriting, erasing, or otherwise altering of a record during its required retention period through the use of integrated hardware and software control codes.”
Thus, in order to comply with Rule 17a-4, all mediums (e.g., paper, microfiche, optical disk, tape or any other storage means) must provide Write Once Read Many (“WORM”) capabilities to prevent deletion or modification of data and must take steps to ensure that any acts of outright destruction be highly visible (e.g., deletion of consecutively numbered pages of written documents or efforts to tamper with records on an optical disk via mechanical or electrical interference) as willful attempts to violate the Rule.
In the case of an audit, any legal entity operating in the financial market may be requested to show that its actions conform to the provisions of the regulation, and/or other laws, rules, or regulations. To meet this request, the legal entity will have to retain records of information and/or documents relating to its actions over long periods of time, e.g., three to ten years. Other periods may apply. Given these long periods of time, a huge amount of data will need to be retained and kept available and accessible.
Thus, one issue of legal entities operating in the finance industry is complying with the requirements of collecting, organizing and maintaining documents in a long term storage system in a cost efficient and accessible fashion.